Privacy statement Legaltree
This privacy statement applies to the processing of personal data (hereafter also ‘data’) by Legaltree. ‘Legaltree’ means: Legaltree B.V., established at Rapenburg 83 (2311 GK) at Leiden, and each attorney-at-law, (nominee) civil-law notary
and practice company individually affiliated to Legaltree B.V. who at any moment is specified as such on the website www.legaltree.nl or as a Legaltree partner.
Hereafter, Legaltree is also referred to as ‘we’. The person whose personal data is processed is also referred to below as ‘you’.
What data do we process and why?
We process the following types of personal data for the following purposes:
- We use contact data (such as name, address, place of residence, telephone number, e-mail address, name of company/business, function), and payment data (such as bank account number) of our clients or contact persons of clients, for the purpose of identifying our clients or contact persons of clients, to communicate with them, to keep files up-to-date and to process payments.
- We use some contact data of clients or contact persons of clients (name, e-mail address, telephone number) for the purpose of informing them about events organised by Legaltree, and for the rest, in order to maintain a business relationship with them.
- For the purposes of our identification obligation, it may be necessary for us to request and store a copy of the identity document of clients or company directors of clients and ultimate owners of clients which are legal entities.
- We use personal data which are recorded in our case files (including personal data regarding our clients, opposite parties and third parties) for the purpose of promoting the interests of our clients in the relevant matter, for registration of the case in our administrative records system and to carry out ‘conflict checks’. The personal data which is recorded in our files also includes personal data in (electronic) messages which are sent to or received by us.
- We use data (such as name, address, place of residence, telephone number, e-mail address, bank account number, VAT number) of our suppliers or contact persons of our suppliers for the purpose of the execution of the agreement which we have with them, or in order to communicate with them, to inform them about events organised by Legaltree and for the reset, maintaining a business relationship with them.
- We use contact data (such as name, e-mail address, telephone number) of other persons with whom we have contact for the purpose of communicating with them.
- IP addresses of visitors to the Legaltree website can be used for purposes of keeping website statistics up-to-date and to make the website more user friendly.
From whom do we receive what data?
In some cases, we receive your data from other parties or persons:
- We can receive data of opposite parties or contact persons of opposite parties, such as name, contact data and information which is essential for the file, from clients or other attorneys-at-law/civil-law notaries whose files we take over. We can also receive data of opposite parties or contact persons of opposite parties from opposite parties themselves and/or from bailiffs.
- We may request data for purposes of registration of the file of company directors from the trade register of the Chamber of Commerce, such as name, address, place of residence, date of birth, place of birth.
- We may request data from public sources for the purposes of handling the file, such as the Land Register, the trade register of the Chamber of Commerce, the Key Register of Persons (BPR) and the Internet data such as name, address, place of residence, date of birth, place of birth, or other information which is relevant in the framework of the handling of the file.
- In the framework of payments to the Foundation for Client Funds (Stichting Derdengelden) Legaltree, the Client Account data can be transferred to us from opposite parties and/or third parties who make payment into the Client Account. The data is only shared in the framework of the handling of the file and the payments arising therefrom.
Who do we share your data with?
We process the personal data, as starting point, only for ourselves and for the purpose of handling of the file. However, we share your personal data with other parties in the following cases:
- ICT-service providers. We make use of ICT service providers, for the purposes of hosting the website, e-mail functionality, electronic files, intranet, telephone system and time recording. Those ICT service providers only store the data and only on occasion may they have access to it for the purpose of management. The ICT service providers are established in the Netherlands.
- Accountants/auditors. When we outsource our accounting records, personal data of suppliers which are on the invoices must also be passed on to the accountant or auditor. The accountants and auditors are established in the Netherlands.
- Other suppliers. We also use other suppliers (including assistants) which must process personal data for this, such as archiving companies, mail processing companies, secretaries and translators. As starting point, the suppliers are established in the Netherlands. If it concerns legal assistance or legal proceedings in another country, then the suppliers (for example, translators) could also be established abroad.
- Experts. For the purposes of handling a file, it might be necessary to engage experts (such as, for example, medical experts, technical experts or financial experts). Under circumstances, data will be shared with those experts.
- Other lawyers. We can share data from the files with lawyers of opposite parties, as starting point for the purposes of a dispute or legal proceedings. In the case another lawyer takes over a file from us, or works together with us in a file, data will also be shared with him/her, for purposes of taking over or handling the file.
- Stichting Derdengelden (Foundation for Client Funds). For purposes of payments to the Stichting Derdengelden Legaltree, we can share the names of clients, opposite parties or third parties with the Stichting.
- Civil Law Notaries. For the purpose of transactions, we may share data with the civil law notaries involved.
- Bailiffs. In the framework of a dispute or legal proceedings, we may communicate data, particularly in procedural documents, to bailiffs for the purpose of service of documents or other tasks.
- Judicial authorities. In the framework of a dispute or legal proceedings, we may share data, particularly in procedural documents, with the relevant judicial authority with whom we are conducting proceedings. In the framework of this statement, judicial authorities also include arbitral tribunals and binding advisors.
- Mediation.In the framework of a mediation trajectory, we may share your data, particularly in the documents exchanged, with the relevant mediator.
- Dutch Bar Association (Orde van Advocaten). In the framework of monitoring by the Dutch Bar Association, we could be obliged to grant access to some files, which could also contain data from you. The Bar associates have a duty of confidentiality vis-a-vis these data.
- Government authorities. Government authorities may oblige us to provide certain personal data. This, however, only applies if it is possible for the government authority to breach our legal privilege.
The experts, other lawyers, civil law notaries, bailiffs, judicial authorities, mediators and government authorities are, in principle, established in the Netherlands. However, if it concerns services such as legal aid to a foreign client or a dispute, mediation or legal proceedings (connected with a person or party) in another country, then those persons may also be established outside of the Netherlands.
Are you obliged to provide certain data?
Yes. In order that we comply with our statutory identification obligation, we need a number of basic data on the basis of which we can identify you (name, address, place of residence, if necessary, a copy of your passport).
In order to be able to handle your file and to provide you legal assistance, we will need certain data about your situation. It goes without saying that we shall consult with you in advance about this providing of data.
On what basis (‘legal bases’) is the use of your data based?
We use your data on the basis of the following bases (‘legal bases’):
- the data are necessary for the concluding and/or executing of an agreement of assignment which we have with you, or to which you are party.
- In order to fulfil our statutory obligations, this including the identification obligation and the tax administration obligations.
- The data are necessary for our justified interests, or those of another. The justified interests are specified in this privacy statement.
- For specific processing, we might require your separate permission.
Do we transfer your data to outside of the European Economic Area (‘EEA’)?
The data in your file is stored electronically with an ICT service provider and physically with an archive company in the Nederland.
The other parties or persons, specified here above, with whom we share the data are, as starting point, established in the Netherlands. However, if it concerns legal services such as legal aid to a foreign client or a dispute, mediation or legal proceedings in another country, then those persons or parties could well also be established outside of the Netherlands and also outside of the EEA. That also applies to clients, opposite parties or other involved third parties outside of the EEA. We could thus be required to transfer certain personal data to those parties or persons outside of the EEA; that always takes place exclusively for the purpose of granting legal assistance.
The data in our time recording system is stored within the EEA, however, a fully encrypted back-up thereof is stored outside of the EEA; this back-up, however is exclusively accessible by us.
How long do we store your data?
We store your data for no longer than is necessary for the purpose for which we collect, receive and/or use it. Thereby the following storage criteria are applicable:
- We store contact data of clients for as long as we provide legal services for them and for up to five years after the termination of the relationship. If it concerns contact data which is contained in case files, the storage period here below is applicable to case files.
- For data in case files, this including the (electronic) messages which have been exchanged therefor in the framework of our legal services, a maximum storage period of 20 years is applicable.
- For data from suppliers and other persons with whom we have contact, including (electronic) messages which have been exchanged, a maximum storage period of 10 years is applicable.
- For data which is contained in our financial records, particularly on invoices, a maximum storage period of seven years is applicable.
What rights do you have?
You have, on the basis of the General Data Protection Regulation (GDPR) in all events the following rights with regard to your personal data:
- right to a copy of and to request access to your data;
- to receive information about the processing of your data;
- to have incorrect data corrected;
- to complete incomplete data, in light of the purposes for which those are processed;
- to have your data erased;
- to have your data ‘limited’;
- to lodge objection against the use (the processing) of your data;
- if you have given permission for the use of your data, to withdraw that permission. The withdrawal thus also applies to future use of your data;
- if you have provided data yourself or when data has been made by you and you have given permission or the data are necessary for the execution of the agreement, and if the data are processed electronically: in order to achieve a structured and commonly-used format and, if that is technically possible, to have this transferred in this manner to another party;
- to submit a complaint to the competent privacy supervisory authority, in the Netherlands, which is: the Personal Data Authority.
It could be that in certain cases, we have the right to refuse your request, for example, when this is necessary in the interest of the case we are looking after, or because certain data falls under our duty of confidentiality. In that case, we shall explain to you why we have refused the request. If we have an agreement with you, it could be that we can no longer execute it if we do not have certain data from you; again, we shall explain this to you.
What if you have requests, questions or complaints?
In order to exercise your rights or if you have complaints about the processing of your personal data, please contact the Legaltree partner who is your account manager or send an e-mail message to firstname.lastname@example.org. The contact information of all Legaltree partners is to be found on our website.
If you do not wish or no longer wish to be approached by us in the framework of maintaining a business relationship, please inform the relevant Legaltree partner or notify via email@example.com. We shall then no longer approach you for this.
If you have general questions about this privacy statement, please send an e-mail message to firstname.lastname@example.org.
Can we amend this privacy statement?
Yes. This privacy statement is dated 21 October 2021. We reserve the right to amend this privacy statement. If the amendment is important, we shall notify you, for example, by sending you an e-mail message.